Linked item permissions

The permissions required to work with linked items can be configured in two ways in AX Server. One provides less control with lower administrative costs while the other increases control at the expense of configuration and administrative overhead.

Configuration options

AX Server provides the following configuration options for linked item permissions:

  • permissions required for the linked item only default setting with low configuration and administrative overhead

  • permissions required for the linked item and the master item provides extra control over linked items and a single location to enable and disable access

Configuring linked item permissions

Your Analytics Exchange administrator decides which method of permissions to use for linked items.

To override the default linked item permissions setting, the administrator must change the value of the doesLinkSecurityUseMasterLocation property in the aclAuditExchange.xml configuration file. The setting is applied globally and is not typically changed after initial installation however you can change it if required.

For more information about using linked items in conjunction with your audit business processes, see .

Permissions required for linked item only

Linked item access is controlled by the permissions for the folder containing the linked item. Linked item permissions behave exactly like the permissions for other types of tables, analytics, or items in the folder.

Permissions required for linked item and master item

Linked item access is controlled by the permissions for the folder containing the linked item and by the permissions for the folder containing the master item. As a result, linked item permissions behave differently from the permissions for other types of tables, analytics, or items in the folder.

Permission types

Read only permissions are required by users for the folder containing the master item, therefore any content that administrators want to restrict users from viewing needs to be located in a separate folder.

Users also need permissions for the parent collection or collections for both the linked item and master item folders. If the user does not have permissions for the folder containing the master item, or its parent collection, the linked item appears as a broken link and is not viewable or editable.

Managing a single user's permissions

Your Analytics Exchange administrator can use the folder containing the master item to centrally control and manage permissions for multiple linked items. Removing a user’s permissions for the folder containing the master item causes all links to the master to be broken for that user. If the folder contains multiple master items, all links to all master items are broken for that user.

Managing multiple users' permissions

From the Permissions tab, your Analytics Exchange can quickly remove multiple users from a single master folder or the parent collection, disabling all links for all the users, without needing to worry about locating and disabling the links at the individual link locations.

A comparison of the two methods of linked item permissions

 

Permissions required for linked item only

Permissions required for linked item and master item

Granting permissions for a new folder, or when adding a new user, requires less labor

 

Linked item permissions behave exactly like the permissions for other types of tables, analytics, or audit items

 

The folder containing the master item can be completely inaccessible (invisible) to users accessing the linked item

 

Analytics Exchange can use the folder containing the master item to centrally control and manage permissions for multiple linked items

 

Removing or re-granting linked item permissions for multiple users requires less labor, assuming you control access to linked items by maintaining master item permissions only

 

Access to a linked table or analytic can be prohibited within a folder for which a user has “Full permissions”

 

Users are prevented from giving one another access to linked items